ClawHub

Bosszp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed guide for scraping and visualizing BOSS直聘 job listings, but users should verify permission and handle cookies and stored data carefully.

Install only if you intend to run a job-listing scraper responsibly. Check BOSS直聘 terms, robots policies, and applicable law first; avoid using personal session cookies unless necessary; keep any cookies out of shared files; restrict the MySQL database and Flask dashboard to trusted local access; store only the fields you need; and verify the `flash` dependency before installing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is broad enough to trigger on general requests about scraping, analysis, or report generation without clear scope limits, which can cause the agent to invoke a data-collection workflow in inappropriate contexts. Because this skill performs web scraping, database writes, and web serving, accidental activation increases the chance of unauthorized collection, policy violations, or unexpected side effects.

Missing User Warnings

High
Confidence
95% confidence
Finding
The document provides end-to-end instructions for scraping job data, storing it in MySQL, and exposing results via a Flask dashboard, but gives no warning about legality, terms-of-service restrictions, privacy obligations, or safe handling of collected data. In this context, the omission is dangerous because it lowers friction for users to conduct potentially unauthorized scraping and persist third-party data without safeguards, increasing legal, privacy, and operational risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal